<?php

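// Refuse to run unless ADMIN_FILE is defined (presumably by the admin entry
// point that includes this file -- the definition is not visible here).
if ( !defined('ADMIN_FILE') )
{
	die ("Access Denied");
}
global $prefix, $db, $admin_file;
// Cap the admin id at 25 characters before it is used in the lookup below.
// NOTE(review): $aid is interpolated into the query text as-is. Where it is
// set, and whether it is already escaped at that point, is not visible from
// this file -- confirm, and prefer the DB layer's own escaping or a prepared
// statement over string concatenation.
$aid = substr("$aid", 0,25);
$row = $db->sql_fetchrow($db->sql_query("SELECT title, admins FROM ".$prefix."_modules WHERE title='Duyurular'"));
$row2 = $db->sql_fetchrow($db->sql_query("SELECT name, radminsuper FROM ".$prefix."_authors WHERE aid='$aid'"));

// Module-level authorisation: the admin's name must appear in the
// comma-separated "admins" column of the Duyurular module row.
$admin_list = isset($row['admins']) ? (string) $row['admins'] : "";
$admin_name = isset($row2['name']) ? (string) $row2['name'] : "";
$admins = explode(",", $admin_list);
$auth_user = 0;
// A missing author row used to compare equal (null == "") to an empty entry in
// the list (e.g. one produced by a trailing comma), and two numeric-looking
// names compared numerically under ==. Require a non-empty name and an exact
// string match instead.
if ($admin_list !== "" && $admin_name !== "" && in_array($admin_name, $admins, true)) {
    $auth_user = 1;
}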

if ($row2['radminsuper'] == 1 || $auth_user == 1) {


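/**
 * Render the announcement administration page.
 *
 * Prints every row of {prefix}_duyuru (newest first) with edit and delete
 * links, followed by the "add announcement" form pre-filled with the current
 * admin id.
 *
 * Values read from the database and $aid are HTML-escaped before being
 * echoed, so markup stored in a title or author name is displayed as text
 * instead of being interpreted by the admin's browser.
 */
function duyuru() {
    global $prefix,  $admin_file, $db, $aid;
    include("header.php");
    GraphicAdmin();
    OpenTable();
    echo "<center><font class=\"title\"><b>"._DUYURUYONET."</b></font></center>";
    CloseTable();
    echo "<br>";
    OpenTable();
    echo "<center><b>"._YAYINDUYURU."</b></center>";
    echo "<table border=\"1\" cellpadding=\"0\" cellspacing=\"0\" width=\"100%\">
            <tr>
                <th>ID</th>
                <th>"._BASLIK."</th>
                <th>"._EKLEYEN."</th>
                <th>"._YAYINTARIH."</th>
                <th>"._ISLEMLER."</th>
            </tr>";
    $sql_duyuru = $db->sql_query("select id, name, date, baslik from ".$prefix."_duyuru order by date DESC");
    // list() reads the numerically indexed columns in SELECT order; the loop
    // ends when sql_fetchrow() stops returning a row.
    while (list($id, $ekleyen, $date, $baslik) = $db->sql_fetchrow($sql_duyuru)) {
        // The id is used both as text and inside URLs, so force it to an integer.
        $id = intval($id);
        // NOTE(review): htmlspecialchars() uses PHP's default charset here --
        // confirm it matches the encoding the site stores its text in.
        $baslik = htmlspecialchars((string) $baslik, ENT_QUOTES);
        $ekleyen = htmlspecialchars((string) $ekleyen, ENT_QUOTES);
        $date = htmlspecialchars((string) $date, ENT_QUOTES);
        // NOTE(review): the delete action is a plain GET link and no anti-CSRF
        // token is visible in this file; a state-changing request should be a
        // POST carrying a per-session token.
        echo "<tr>
                <td align=center><b>$id</b></td>
                <td>$baslik</td>
                <td align=center>$ekleyen</td>
                <td align=center>$date</td>
                <td align=center><a href=\"".$admin_file.".php?op=duyuru_duzenle&id=$id\">"._DUZENLE."</a> | 
                <a href=\"".$admin_file.".php?op=duyuru_sil&id=$id\">"._SIL."</a></td>
        </tr>";
    }
    echo "</table>";
    CloseTable();
    echo "<br>";
    OpenTable();
    // Escaped because the value lands inside a double-quoted attribute.
    $aid_attr = htmlspecialchars((string) $aid, ENT_QUOTES);
    echo "<center>
    <form action=\"".$admin_file.".php?op=duyuru_ekle\" method=\"post\">
    <table border=\"0\" cellpadding=\"2\" cellspacing=\"1\">
    <tr>
        <th colspan=\"2\">"._DUYURUEKLEFORM."</th>
    </tr>
    <tr>
        <td>"._EKLEYEN.":</td>
        <td><input type=\"text\" size=\"35\" name=\"isim\" value=\"$aid_attr\"></td>
    </tr>
    <tr>
        <td>"._EMAIL.":</td>
        <td><input type=\"text\" size=\"35\" name=\"email\"></td>
    </tr>
    <tr>
        <td>"._BASLIK.":</td>
        <td><input type=\"text\" size=\"35\" name=\"baslik\"></td>
    </tr>
    <tr>
        <td>"._DUYURUMETIN.":</td>
        <td><textarea name=\"metin\" rows=\"15\" cols=\"35\"></textarea></td>
    </tr>
    <tr>
        <td>&nbsp;</td>
        <td><input type=\"submit\" value=\""._GONDER."\"></td>
    </tr>
    </table> </form>
    </center>";
    CloseTable();
    include("footer.php");
}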

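/**
 * Render the edit form for one announcement.
 *
 * @param mixed $id Announcement id as received from the request; it is cast
 *                  to an integer before being placed in the query.
 *
 * The row's fields are HTML-escaped before being written into the form, so a
 * stored quote or tag cannot break out of the attribute or the textarea.
 */
function duyuru_duzenle($id) {
    global $prefix,  $admin_file, $db;
    include("header.php");
    GraphicAdmin();
    OpenTable();
    echo "<center><font class=\"title\"><b>"._DUYURUYONET."</b></font></center>";
    CloseTable();
    echo "<br>";
    OpenTable();
    // The id is concatenated into the statement unquoted, so it must be a
    // plain integer; anything else in the request value is discarded here.
    $id = intval($id);
    $sql = "SELECT * FROM ".$prefix."_duyuru where id=$id";
    $result = $db->sql_query($sql);
    $row = $db->sql_fetchrow($result);
    // Quoted keys: the bare-word form ($row[id]) relied on PHP's
    // undefined-constant fallback. Missing columns (no matching row) fall
    // back to empty strings so the form still renders.
    $id = isset($row['id']) ? intval($row['id']) : $id;
    // NOTE(review): htmlspecialchars() uses PHP's default charset here --
    // confirm it matches the encoding the site stores its text in.
    $isim = htmlspecialchars(isset($row['name']) ? (string) $row['name'] : "", ENT_QUOTES);
    $email = htmlspecialchars(isset($row['email']) ? (string) $row['email'] : "", ENT_QUOTES);
    $baslik = htmlspecialchars(isset($row['baslik']) ? (string) $row['baslik'] : "", ENT_QUOTES);
    $metin = htmlspecialchars(isset($row['metin']) ? (string) $row['metin'] : "", ENT_QUOTES);
    echo "<center>
    <form action=\"".$admin_file.".php?op=duyuru_duzenle_kaydet\" method=\"post\">
    <table border=\"0\" cellpadding=\"2\" cellspacing=\"1\">
        <tr>
            <th colspan=\"2\">"._DUYURUDUZENLE."</th>
        </tr>
        <tr>
            <td>"._EKLEYEN.":</td>
            <td><input type=\"text\" size=\"35\" name=\"isim\" value=\"$isim\"></td>
        </tr>
        <tr>
            <td>"._EMAIL.":</td>
            <td><input type=\"text\" size=\"35\" name=\"email\" value=\"$email\"></td>
        </tr>
        <tr>
            <td>"._BASLIK.":</td>
            <td><input type=\"text\" size=\"35\" name=\"baslik\" value=\"$baslik\"></td>
        </tr>
        <tr>
            <td>"._DUYURUMETIN.":</td>
            <td><textarea name=\"metin\" rows=\"15\" cols=\"35\">$metin</textarea></td>
        </tr>
        <tr>
            <td><input type=\"hidden\" name=\"id\" value=\"$id\"></td>
            <td><input type=\"submit\" value=\""._GONDER."\"></td>
        </tr>
    </table>
    </form>
        <br><input type=button onClick=history.go(-1) value=\""._GERIDON."\"> 
    </center>";
    CloseTable();
    include("footer.php");
}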


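/**
 * Validate the "add announcement" form and insert the new row.
 *
 * @param string $isim   Author name; must not be empty.
 * @param string $email  Author e-mail; must match the address pattern below.
 * @param string $baslik Title; must not be empty.
 * @param string $metin  Announcement text; must not be empty.
 *
 * Prints one message per failed check plus a "back" button, or inserts the
 * row and reports success or failure of the query.
 */
function duyuru_ekle($isim, $email, $baslik, $metin) {
    global $prefix,  $admin_file, $db;
    include("header.php");
    GraphicAdmin();
    OpenTable();
    echo "<center><font class=\"title\"><b>"._DUYURUYONET."</b></font></center>";
    CloseTable();
    echo "<br>";
    OpenTable();
    // Start from "no error" so the check further down never reads an
    // undefined variable.
    $error = 0;
    if ($isim == "") {
        $error = 1;
        echo ""._KISIYOK."<br>";
    }

    if ($baslik == "") {
        $error = 1;
        echo ""._BASLIKYOK."<br>";
    }

    if ($metin == "") {
        $error = 1;
        echo ""._METINYOK."<br>";
    }

    // Same character sets as the former ereg() pattern, expressed for
    // preg_match(): ereg() was removed in PHP 7 and stopped reading at a NUL
    // byte. The D modifier keeps "$" from matching before a trailing newline.
    $local_chars = '[-!#$%&\'*+\\\\.\/0-9=?A-Z^_`a-z{|}~]+';
    $label_chars = '[-!#$%&\'*+\\\\\/0-9=?A-Z^_`a-z{|}~]+';
    if (!preg_match('/^' . $local_chars . '@' . $label_chars . '\.' . $local_chars . '$/D', $email)) {
        $error = 1;
        echo ""._EMAILYOK."<br>";
    }

    if ($error == 1) {
        echo "<br><input type=button onClick=history.go(-1) value=\""._GERIDON."\">";
    } else {
        // NOTE(review): the four values are concatenated into the statement
        // as-is, and the e-mail pattern above still allows a single quote.
        // Whether request data reaches this function already escaped is not
        // visible from this file -- confirm, and move to the DB layer's
        // escaping or a prepared statement. No anti-CSRF token is checked
        // here either.
        $sql = "INSERT INTO ".$prefix."_duyuru VALUES (NULL, '$isim', '$email', now(), '$baslik', '$metin')";
        $result = $db->sql_query($sql);
        if (!$result) {
            // Report the failure instead of printing the success text first,
            // and fall through so the table and footer are still closed.
            echo ""._DUYURUEKLENEMEDI."<br>";
            echo "<br><input type=button onClick=history.go(-1) value=\""._GERIDON."\">"; 
        } else {
            echo ""._DUYURUEKLENDI."";
            // Output has already been produced above, so this header only
            // takes effect if output buffering is active -- TODO confirm.
            Header("Refresh:3;url=".$admin_file.".php?op=duyuru");
        }
    }
    CloseTable();
    include("footer.php");
}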

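/**
 * Validate the edit form and update an existing announcement.
 *
 * @param mixed  $id     Announcement id from the hidden form field; cast to
 *                       an integer before it is placed in the statement.
 * @param string $isim   Author name; must not be empty.
 * @param string $email  Author e-mail; must match the address pattern below.
 * @param string $baslik Title; must not be empty.
 * @param string $metin  Announcement text; must not be empty.
 *
 * Prints one message per failed check plus a "back" button, or runs the
 * UPDATE and reports success or failure of the query.
 */
function duyuru_duzenle_kaydet($id, $isim, $email, $baslik, $metin) {
    global $prefix,  $admin_file, $db;
    include("header.php");
    GraphicAdmin();
    OpenTable();
    echo "<center><font class=\"title\"><b>"._DUYURUYONET."</b></font></center>";
    CloseTable();
    echo "<br>";
    OpenTable();
    // Start from "no error" so the check further down never reads an
    // undefined variable.
    $error = 0;
    if ($isim == "") {
        $error = 1;
        echo ""._KISIYOK."<br>";
    }

    if ($baslik == "") {
        $error = 1;
        echo ""._BASLIKYOK."<br>";
    }

    if ($metin == "") {
        $error = 1;
        echo ""._METINYOK."<br>";
    }

    // Same character sets as the former ereg() pattern, expressed for
    // preg_match(): ereg() was removed in PHP 7 and stopped reading at a NUL
    // byte. The D modifier keeps "$" from matching before a trailing newline.
    $local_chars = '[-!#$%&\'*+\\\\.\/0-9=?A-Z^_`a-z{|}~]+';
    $label_chars = '[-!#$%&\'*+\\\\\/0-9=?A-Z^_`a-z{|}~]+';
    if (!preg_match('/^' . $local_chars . '@' . $label_chars . '\.' . $local_chars . '$/D', $email)) {
        $error = 1;
        echo ""._EMAILYOK."<br>";
    }

    if ($error == 1) {
        echo "<br><input type=button onClick=history.go(-1) value=\""._GERIDON."\">";
    } else {
        // The id sits unquoted in the WHERE clause, so it must be a plain
        // integer; anything else in the request value is discarded here.
        $id = intval($id);
        // NOTE(review): the four text values are concatenated into the
        // statement as-is, and the e-mail pattern above still allows a single
        // quote. Whether request data reaches this function already escaped
        // is not visible from this file -- confirm, and move to the DB
        // layer's escaping or a prepared statement. No anti-CSRF token is
        // checked here either.
        $sql = "UPDATE ".$prefix."_duyuru SET name='$isim', email='$email', baslik='$baslik', metin='$metin'  where id=$id";
        $result = $db->sql_query($sql);
        if (!$result) {
            // Report the failure instead of printing the success text first,
            // and fall through so the table and footer are still closed.
            echo ""._DUYURUDUZENLENEMEDI."<br>";
            echo "<br><input type=button onClick=history.go(-1) value=\""._GERIDON."\">";   
        } else {
            echo ""._DUYURUDUZENLENDI."";
            // Output has already been produced above, so this header only
            // takes effect if output buffering is active -- TODO confirm.
            Header("Refresh:3;url=".$admin_file.".php?op=duyuru");   
        }
    }
    CloseTable();
    include("footer.php");
}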

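/**
 * Delete one announcement and report the outcome.
 *
 * @param mixed $id Announcement id as received from the request; it is cast
 *                  to an integer before being placed in the statement.
 */
function duyuru_sil($id) {
    global $prefix,  $admin_file, $db;
    include("header.php");
    GraphicAdmin();
    OpenTable();
    echo "<center><font class=\"title\"><b>"._DUYURUYONET."</b></font></center>";
    CloseTable();
    echo "<br>";
    OpenTable();
    // The id sits unquoted in the WHERE clause of a DELETE, so it must be a
    // plain integer; anything else in the request value is discarded here.
    $id = intval($id);
    // NOTE(review): this destructive action is reached through a GET link and
    // no anti-CSRF token is checked in this file; it should require a POST
    // carrying a per-session token.
    $sql= "delete from ".$prefix."_duyuru where id = $id";
    $result = $db->sql_query($sql);
    if (!$result) {
        // Report the failure instead of printing the success text first, and
        // fall through so the table and footer are still closed.
        echo ""._DUYURUSILINEMEDI."<br>";
        echo "<br><input type=button onClick=history.go(-1) value=\""._GERIDON."\">";   
    } else {
        echo ""._DUYURUSILINDI."";
        // Output has already been produced above, so this header only takes
        // effect if output buffering is active -- TODO confirm.
        Header("Refresh:3;url=".$admin_file.".php?op=duyuru");   
    }
    CloseTable();
    include("footer.php");
}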

// Route the requested admin operation to its handler. $op and the form
// fields ($id, $isim, $email, $baslik, $metin) are expected to be in scope
// already; how they are populated from the request is not visible in this
// file. An unrecognised $op runs no handler.
if ($op == "duyuru") {
    // Listing plus the "add" form.
    duyuru();
} elseif ($op == "duyuru_ekle") {
    // Insert a new announcement from the posted form.
    duyuru_ekle($isim, $email, $baslik, $metin);
} elseif ($op == "duyuru_duzenle") {
    // Show the edit form for one announcement.
    duyuru_duzenle($id);
} elseif ($op == "duyuru_duzenle_kaydet") {
    // Save the edited announcement.
    duyuru_duzenle_kaydet($id, $isim, $email, $baslik, $metin);
} elseif ($op == "duyuru_sil") {
    // Delete one announcement.
    duyuru_sil($id);
}

} else {
    echo "Access Denied";
}

?>
